Friday FOSS Week in Review

Google’s been everywhere in the news this week, so much so that I’ve considered calling this week’s column “Friday Google Week in Review.” It’s not all Google, however, but it is all interesting – at least to me.

8% of Android Apps Leak Data

On Tuesday, security site Dark Reading reported that Neil Daswani, CTO for security firm Dasient, has found that about 8% of Android apps leak user data. In a study that will be released in full at next month’s Black Hat conference in Las Vegas, Daswani found that 800 out of 10,000 applications tested were leaking personal data. Eleven of the apps were sending mobile spam, in the form of SMS messages, to other smartphones.

“‘Some of these applications, once started, were sending premium SMS messages,’ Daswani says. ‘The user ends up paying for those messages, and they can be pretty expensive. It’s sort of like the old 900 number scams, where if you called once, your phone would continue to incur the charges over and over again.'”

The study also found instances where Android apps attempted to take root control of a device, some then attempting to spread to other phones worm-style:

“‘Once you have root-level control, you pretty much own the phone,’ Daswani says. ‘This is a problem that carriers and device makers will have to take action on very soon.'”

In addition, the study proves that malware can be delivered to an Android device by means of drive-by downloads from legitimate applications.

Obviously this means that the folks at Google need to find a better way of vetting the apps offered for sale on the Android Market, as Zenobia opines on digitizor:

“This malware problem on Android has become too much. One of the main reasons that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.

“Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.

“However, this comes at a price – the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?”

Until Google gets a handle on this, I’d advise all Android users to be extremely careful about installing apps and to treat the handset as if it’s an insecure Windows device.

Webmaster Tools Glitch Allowed Removal of Sites from Google Database

In the first ever post on his new blog site, James Breckenridge reported on Tuesday that he’d discovered an exploit in Google Webmaster Tools:

“Yesterday I was busy removing thousands of URLs from within Google’s Webmaster Tools, it was pretty time consuming as there were so many, there had to be an easier way? I settled on quickly making myself a Chrome extension that adds a link next to a result in a Google search, deep linked into webmaster tools. With that installed I was busy clicking away removing the URLs in record time.

“Then I made a little mistake and accidentally removed a URL of a website I have no relation to?!? I was stunned it could be that easy. Surely there was no way Google would actually remove the page, right?”

Wrong. He dug a little deeper and discovered he could indeed remove just about any page he wanted from Google’s index, and published the exploit using the News of the World website as an example. He didn’t actually remove the site, however, and he promptly notified Google, which quickly fixed the problem, but he did post this screenshot:

Exploits like this are bound to crop up from time to time, but this couldn’t be good for Google, who’s trying their damnedest to convince the corporate world that they should trust them to keep all of their data safe and secure in the cloud. Kudos to Mr. Breckenridge, however. Pretty impressive first blog post.

Screenshot from SharkCloud Demo

Last month I reported on Storm Bear Williams’ open source office apps project SharkCloud, which will be usable either hosted on the SharkCloud servers à la Google Apps or downloaded for an install on the user’s own server. Since then, Williams has sent me a nifty screenshot from the proof of concept demo he’s been working on of a cloud based spreadsheet. Although he cautions that this isn’t anywhere near the final product, just something to show potential investors, it still looks pretty good to me:

He says the search is still on for a CTO and anyone who can write code. If you’re interested, give him a shout at storm at sharkcloud.com. Oh, they also need money. Did I say that? Money. Paper grease. Investors. Angels.

Google vs. Oracle

If trouble with the app store wasn’t enough, Google’s under siege from a lot of directions regarding Android. First and foremost are Google’s difficulties with Oracle, who wants a gazillion dollars for Android’s alleged infringement of Java. Google, on the other hand, thinks the sum of zero would be more appropriate.

Yesterday, U.S. District Judge William Alsup basically told Oracle and Google that they’re both nuts. “You’re both asking for the moon and you should be more reasonable,” he said, according to Reuters. Last we heard, Oracle was claiming they’re owed anywhere between $2.6 and $6.1 billion, while Google has been standing by their estimate that they owe zippo.

Google may be willing to negotiate, however, as they’re suddenly remembering once talking to Sun about licensing Java for Android and recollect that Sun had offered a license for a mere $100 million. Anyway, it’s becoming pretty evident that Google’s probably going to pay something, but don’t look for it to be a deal breaker for Android. That’s another fight, that involves Apple, Microsoft and HTC…

Speaking of which, Google’s chairman Eric Schmidt also this week kind of sort of stood by their good partner HTC in their Android patent battle with Apple. Stay tuned…

Stallman Says Be Wary of the Cloud

Finally, in an opinion piece for Spiegel Online, the free software guru Richard Stallman urged users to be careful with sensitive data online:

“…Facebook’s users do not pay, so they are not its clients. They are its merchandise, to be sold to other businesses. If the company is in the US, or is a subsidiary of a US company, the FBI can collect this data at whim without even a court order under an un-American US law, euphemistically named the ‘Patriot Act.’

“Services also offer to operate on the users’ data. In effect, this means that users do their computing on the servers, and the servers take complete control of that computing.

“There is a systematic marketing campaign to drive users to entrusting their computing and their data to companies they have absolutely no reason to trust. Its buzzword is ‘cloud computing,’ a term used for so many different computing structures that its only real meaning is: ‘Do it without thinking about what you’re doing.'”

**********

Well, that does it for this week. See you on Monday. In the meantime, may the FOSS be with you!

Richard Stallman is the founder of the Free Software movement, not the Open Source movement. The two are very different in philosophy and Stallman does not support the Open Source movement. Correct would be to say, “free software guru Richard Stallman”.

@Peter Good point. You should be a copy editor. However, though I’m sure RMS would agree with you wholeheartedly, he’s also the main author of the GPL, the most used of the copyleft open source licenses; I think we can safely say that he’s also a guru to the open source crowd.

But, then again, as you imply, it’s hard to separate Mr. Stallman from “free,” as there are some open source licenses that certainly aren’t free. How about I change it to “chief FOSS guru Richard Stallman”?

BTW Peter, just for the record, there’s hardly anyone in the FOSS community (or in any other community, for that matter) I admire as much as Richard Stallman.

Peter is right, “free software guru” is probably what RMS would like to see. Freedom matters and RMS has repeatedly corrected people who would associate him with the “Open Source” movement which was founded to avoid talking about user rights and freedom.

Android is a good example of what happens when you ignore the four software freedoms for temporary economic advantage. Most Android handsets are jails and a nice pile of freeware is not a good substitute for user freedom. As in the case of gnu/linux on the desktop, any non free software will turn your computer against you. Free software people have long advised users to stick to community distributions like Debian and avoid non free additions.

At the same time, you are being a little alarmist about the state of Android. Comparing it to Windows in both rate of infection and freedom is hyperbole. Telco providers forced Google to screw users and waste a lot of developer time by stepping away from copyleft, but Android is free software and should be promoted as such. Users should demand their software freedom when purchasing an Android device. I’m waiting for a phone that I know I can wipe and install a clean, community version or gnu/linux and carry an old brick which I consider hostile. People who can’t wait for real freedom are better off buying an Android than they are other phones. Developers will be jail breaking the better made models.

As for the first point, RMS, we’ll let freedom win. The change is made. And I agree that Android is about as free as it gets right now, but so far it’s a closed system, and will remain so until the telcos lighten their grip.